States Say Cybersecurity is Our Business

1
States Say Cybersecurity Is Our Business
maxcybersecurity.com/states-say-cybersecurity-is-o
ur-business
States Say Cybersecurity is Our Business The
federal government has been dragging its feet
when it comes to addressing cybersecurity
concerns. Federal legislation has been slow to
come, and state governments have been developing
their own approaches. Several bills have been
introduced and co-sponsored by members of
Congress on both sides of the aisle. However,
all efforts to address cyber law on a national
level have stalled and many states just arent
waiting around any longer. Clearly, the gravity
of the situation surrounding cybersecurity
measures must be taken seriously given the
amount of data and network breaches the country
has already experienced in recent years. As a
nation, we must appear strong and show
leadership in the cybersecurity realm, which so
far, we have failed to do. Thus, individual
states, such as California and Ohio, have taken
it upon themselves to create and enact
cybersecurity laws. To many people, this makes
sense as a lot of citizens believe in state
determination. However, a hodge-podge and mixed
bag of law will eventually create more seems
benefiting the hacker. Business loses when they
must meet the requirements of 50 different
jurisdictions. Assuring these types of issues
dont minimize the growth of the nation or its
security is a role of the federal government. It
seems in this time of partisan politics security
has become another area of contention. However,
the only thing we should be arguing about is to
what extent and not should a law be put in
place.
2
Senate Bill No. 327 California In August of 2018,
a California Senate bill, No. 327, was passed by
both Houses of the California State Legislature
and it is awaiting Governor Jerry Browns
signature to enact the bill. The bill is meant
to update the current state law that demands a
company discard a clients record that contains
personal information, if it is no longer of use
to the said business, by shredding the documents
or making them illegible. In addition to this,
the bill would create a new provision within the
California Civil Code titled, Security of
Connected Devices. The main goal of this
provision is to safeguard both the device and
the information it manages from unlawful access
and nefarious agents. This means that anything
(sensors) capable of connecting to the Internet
of Things (IoT) requires manufacturers to equip
the device with a reasonable amount of security.
At least, secure the device for reasonable
protection against data theft. Senate Bill No.
220 Ohio Similar to Californias bill, Ohio also
enacted a new law surrounding the issue of
cybersecurity-related to IoT. The law is directed
at protecting all Ohioans by requiring
businesses to create and abide by their own
cybersecurity programs. The state is hopeful
that corporations will invest more resources in
protecting their networks, which as a result,
will greatly help secure sensitive information of
customers. To make things easier for those who
are unfamiliar who security protocols, the state
intends to provide businesses with different
industry-recognized cybersecurity frameworks.
The goal is to promote cyber planning and the
execution of cybersecurity measures. The
legislation will also provide an affirmative
defense to a lawsuit that claims a security
breach occurred as a result of a companies
failure to devise satisfactory security measures
making everyone accountable for their actions
or lack thereof. National Security There is no
time to waste when it comes to securing
cyberspace. Security starts at the local level.
However, national security requires assistance
from the federal government. A variety of
threats are visible on the horizon and they will
not go away. There are too much money and power
to be gained from hacking and the spoils of data
theft. If national legislators simply turn a
blind eye to the threats, we will continue to
witness the massive data breaches occurring every
day. We will continue to provide a highway for
hackers to drive in and load enabling data into
their vehicle are cart it off to their
bank. Cybersecurity is a business process like
accounting and limiting liability. Holding
hackers and thieves responsible should be one of
the governments top priorities. Holding
businesses responsible is just as important. It
is evident that we lack the leadership to move
the ball in this dangerous game. Even as the
European Union (EU) implemented the General Data
Protection Regulation (GDPR) earlier this year,
Congress still doesnt realize that cyber
leadership is not an option. The GDPR addresses
data privacy laws and regulations that entail
serious penalties if broken
3
and apply to users both within and outside of the
EU. Conversely, this nations lack of law allows
access and cybersecurity ambivalence to
businesses inside and outside of the U.S. We
Mean Business If the U.S. wants to maintain its
superpower hold on the global stage, it is
imperative that the federal government creates
and enacts laws that will protect the American
people, infrastructure, and economy from
cyber-related attacks. This starts with creating
a culture of cybersecurity underpinned with law.
Not only will this prove to American businesses
that there is no tolerance for weak cybersecurity
application, but also let other countries, and
enemies, know that we mean business.